Do you know about the SY0-501 Security+ beta questions that are appearing in the SY0-401 Security+ exam?
Lately, many people have reported seeing questions that were completely unfamiliar to them. For example, they report seeing many questions about Linux command line tools. Often, the materials they studied didn’t cover the content, which has them a little confused.
Worse, they sometimes see so many of these questions that they start to think they’ll fail the exam.
Security+ Beta Questions Not Graded
CompTIA uses Security+ beta questions for testing. If everyone gets the question correct, the question is too easy. If everyone gets the question incorrect, the question is too difficult. They determine a question is valid using some predetermined metric between these two extremes.
The good news is that beta questions aren’t graded. The bad news is that you do not know what questions are beta questions so you have to answer each question as if it’s a valid question.
CompTIA has been adding these questions as beta questions on the current version of the SY0-401 exam to test questions for the SY0-501 exam.
That’s right, you’ll see 501 questions on the 401 exam. In other words, these are questions based of the 501 objectives that are not covered by the 401 objectives. They did the same thing when testing questions for the SY0-401 exam while the SY0-301 exam was live.
Almost all test vendors test questions this way so it isn’t anything new. However, it can be a little disconcerting when you see five or more questions that look completely foreign to you.
SY0-501 Objectives Now Available
CompTIA recently released more details on the SY0-501 version of the exam including the objectives.
New Objectives include Linux Commands
There are many changes, but one thing worth noting is that CompTIA will be directly testing people on their knowledge of many command line tools. For example, objective 2.2 “Given a scenario, use appropriate software tools to assess the security posture of an organization” includes this section:
Command line tools
- ping
- netstat
- tracert
- nslookup / dig
- arp
- ipconfig/ip/ifconfig
- tcpdump
- nmap
- netcat
If you’re familiar with the command line, you probably recognize that some of these are Windows command line questions and others are Linux command line questions.
Nslookup and dig
As an example, you can use the dig and nslookup commands to query Domain Name System (DNS) servers.
Linux-based command query DNS from the Linux terminal using the dig command. The following command verifies the system can resolve the hostname gcgapremium.com to an IP address.
dig gcgapremium.com
On Windows systems, you can use nslookup instead.
nslookup gcgapremium.com
Both commands have similar purposes, but are implemented quite differently.
In contrast, the SY0-401 version of the exam doesn’t reference any command-line tools.
This is exactly why people are seeing more and more Linux command line questions on the exam.
CompTIA commonly adds beta questions for the next version of the exam in the current version. The good news is that the beta questions aren’t graded.
SY0-501 Coming in Fall of 2017
Many people have been querying me about the new Security+ exam (SY0-501). Here’s some information you might find useful:
- The SY0-501 exam is scheduled to go live on October 4th, 2017.
- The current version (SY0-401) will remain available until July 2018.
- If you pass the current version, you are Security+ certified even after the new SY0-501 exam comes out.
- You can access the new objectives from the CompTIA site.
Don’t Panic with Security+ Beta Questions
With all this in mind, if you come across a question on the exam that isn’t familiar at all to you, don’t panic. It may indeed be a beta question. And of course, the good news is that beta questions aren’t graded.
Master Performance Based Questions Video: https://www.youtube.com/watch?v=b_1s9njlWLU
Then again, if the first 50 questions don’t look familiar, feel free to start panicking. It could be that you weren’t studying the right material and you’ll have another opportunity to take the exam in the future. With that in mind, make sure you read up on the new Security+ performance based questions before taking the exam.
Do You Want to Play with the Linux Command Line?
Most people have Windows systems so have no trouble using them to play around with the command line. However, many people don’t have a Linux system. Here’s a solution.
Kali Linux is a free Debian-based Linux distribution you can use to experiment with command line tools and many other security tasks. If you’re taking a cybersecurity exam, you can use it to experiment with command line tools.
Here are three labs you can follow to install Kali Linux in a virtual environment and run Linux commands to see how they work.
Install VMware Workstation Player